package cn.mdmm.controller.system;

import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.ConcurrentAccessException;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

import cn.mdmm.entity.response.ResponseBodyToOne;
import cn.mdmm.shiro.DatabaseRealm;
import cn.modoumama.common.annotation.OpLog;
import cn.modoumama.common.utils.StringUtils;

/**
 * Web MVC controller that handles security-related web requests, such as login
 * and logout.
 */
@Controller
@RequestMapping(value = "/security")
public class SecurityController {
	private static Logger logger = LoggerFactory.getLogger(SecurityController.class);
	
	@Autowired
	DatabaseRealm databaseRealm;
	
	@RequestMapping(value = "login", method = RequestMethod.GET)
	public String showLoginForm(HttpServletRequest request) {
		return "login";
	}
	
	@RequestMapping(value = "unauthorized")
	public String unauthorized(HttpServletRequest request) {
		return "unauthorized";
	}
	@RequestMapping(value = "login", method = RequestMethod.POST)
	@OpLog(logDesc="系统登陆")
	@ResponseBody
	public ResponseBodyToOne login(HttpServletRequest request,UsernamePasswordToken token) {
		ResponseBodyToOne responseBody = new ResponseBodyToOne();
		token.setHost(request.getRemoteAddr());
		String msg = null;
		try {
			SecurityUtils.getSubject().login(token);
		} catch (UnknownAccountException e) {
			msg = "用户名错误！";
		}catch (LockedAccountException e) {
			msg = "账户已锁定！";
		}catch (IncorrectCredentialsException e) {
			msg = "密码不正确！";
		}catch (ExcessiveAttemptsException e) {
			msg = "用户名或密码错误超过5次,请5分钟后重试";
		}catch (ConcurrentAccessException e) { 
			msg = "用户已登录！";
		}catch (AccountException e) {
			msg = "账户被冻结！";
		}catch (AuthenticationException e) {
			msg = "认证失败！";
		}catch(Exception e){
			logger.error("Error authenticating.",e);
			msg = "未知帐号错误！";
		} 
		
		if (StringUtils.isNotBlank(msg)) {
			responseBody.addErrInfo("999", msg, null);
		}
		return responseBody;
	}

	@RequestMapping("/logout")
	public String logout(HttpServletRequest request) {
		try {
			databaseRealm.clearCachedAuthorizationInfo(null);
			SecurityUtils.getSubject().getSession().stop();
			
		} catch (Exception e) {
		}
		return "redirect:/";
	}
	@RequestMapping("/main")
	public String main() {
		return "main";
	}
}
